{"id":65753,"date":"2021-07-15T06:00:48","date_gmt":"2021-07-14T20:00:48","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=65753"},"modified":"2021-07-14T15:27:17","modified_gmt":"2021-07-14T05:27:17","slug":"exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/","title":{"rendered":"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"610\" class=\"alignnone size-large wp-image-65756\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design-1024x610.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design-1024x610.jpg 1024w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design-205x122.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design-768x458.jpg 768w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design.jpg 1300w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<p>Ransomware attacks are now a global epidemic and Australia is a prime target. That\u2019s because ransomware is scalable, ransomware attacks can be commoditised and ransomware criminals are essentially \u2018guns for hire\u2019.<\/p>\n<p>Bringing a huge organisation to a grinding halt can cost as little as $66\u2014the measly outlay for some \u2018advanced\u2019 ransomware tools sold on the dark web. It\u2019s a low cost for a potentially lucrative reward. On the flipside, the cost for victims to respond and recover from ransomware attacks can run into many millions.<\/p>\n<p>Over the past 18 months in Australia, major logistics company Toll Holdings has been hit twice; Nine Entertainment fell prey, struggling to televise news bulletins and produce newspapers; and global meat supplies were affected after Australian and international operations of JBS Foods were brought to a standstill.<\/p>\n<p>In a <a href=\"https:\/\/www.aspistrategist.ru\/report\/exfiltrate-encrypt-extort\" target=\"_blank\" rel=\"noopener\">new policy report<\/a> for <a href=\"https:\/\/www.aspistrategist.ru\/program\/international-cyber-policy-centre\" target=\"_blank\" rel=\"noopener\">ASPI\u2019s International Cyber Policy Centre<\/a>, Anne-Louise Brown and I argue that there\u2019s a policy vacuum in Australia that makes it an attractive market for ransomware attacks, and that the problem will only get worse unless a concerted and strategic domestic effort to thwart the attacks is developed. The number of attacks will continue to grow if urgent action isn\u2019t taken to reduce the incentives to target Australian companies and other entities.<\/p>\n<p>All governments, civil-society groups and businesses\u2014large and small\u2014need to know how to manage and mitigate the risk of ransomware, but organisations can\u2019t deal with the attacks on their own. There is a central role for government to play.<\/p>\n<p>While there\u2019s no doubt ransomware is difficult to tackle using traditional law enforcement methods because the criminal actors involved are usually located offshore, there are domestic policy levers that can be pulled to support cybersecurity uplift across the economy. Such action is essential because the grim reality is that, when it comes to ransomware, prevention is the best response.<\/p>\n<p>There needs to be greater clarity regarding the legality of ransomware payments, increased transparency when attacks do occur, the adoption of a mandatory reporting regime and incentivisation for businesses to bolster their cyber defences through tax, procurement and subsidy measures. Australia would also benefit from the establishment of a dedicated cross-departmental ransomware taskforce, similar to that recently launched by the US Department of Justice.<\/p>\n<p>When a ransomware attack occurs, any payment made has legal implications, but in Australia the legality of such a payment is murky at best. This is an issue that needs to be addressed with haste, without the burden of bureaucratic process and a regulatory quagmire. Importantly, criminalising ransomware payments isn\u2019t the solution. Mandatory reporting of ransomware attacks, however, should be considered. A non-punitive model would foster an information-sharing culture without fear of legal consequences for organisations that pay ransoms, not punish victims twice.<\/p>\n<p>Transnational cyberattacks are a serious concern for Australians. The recently published results of the <a href=\"https:\/\/poll.lowyinstitute.org\/\" target=\"_blank\" rel=\"noopener\">2021 Lowy Institute poll<\/a> found 98% of respondents viewed \u2018cyber attacks from other countries\u2019 as a critical (62%) or important (36%) threat to Australia over the next decade. That makes transnational cyberattacks the highest ranking of the 12\u00a0threats to Australia\u2019s vital interests respondents were asked about\u2014more of a concern than climate change, global pandemics, international terrorism, severe economic downturn and Australia\u2013China relations.<\/p>\n<p>As it stands, there\u2019s a dearth of official public data relating to ransomware attacks in Australia. For example, in 2019\u201320 the Australian Cyber Security Centre reported an increase in the number of domestic ransomware attacks, but no specific metrics were released. This is in stark contrast to the US, which has a much more transparent reporting system. The FBI publicly reported that it recorded 2,474 ransomware incidents in 2020, amounting to US$29.1\u00a0million in economic losses.<\/p>\n<p>Ransomware isn\u2019t an abstract possibility. In Australia, the threat\u2019s right here, right now and isn\u2019t going away. There\u2019s a key role for the Australian government to play in leading the way, but tackling ransomware is a shared responsibility.<\/p>\n<p>While there\u2019s no doubt that organisations must take responsibility for ensuring that their cybersecurity posture is up to scratch, there are practical and easily implementable steps the government can take to provide clarity, guidance and support.<\/p>\n<p>The ongoing ransomware attacks that continue to strike unabated around the world must act as a red flag. And, because we\u2019ve been warned, we need a plan.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware attacks are now a global epidemic and Australia is a prime target. That\u2019s because ransomware is scalable, ransomware attacks can be commoditised and ransomware criminals are essentially \u2018guns for hire\u2019. Bringing a huge organisation &#8230;<\/p>\n","protected":false},"author":1025,"featured_media":65756,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[17,713,1948],"class_list":["post-65753","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australia","tag-cyberattack","tag-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Ransomware attacks are now a global epidemic and Australia is a prime target. That\u2019s because ransomware is scalable, ransomware attacks can be commoditised and ransomware criminals are essentially \u2018guns for hire\u2019. Bringing a huge organisation ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-14T20:00:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-14T05:27:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1300\" \/>\n\t<meta property=\"og:image:height\" content=\"775\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rachael Falk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rachael Falk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design.jpg\",\"width\":1300,\"height\":775},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/\",\"name\":\"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#primaryimage\"},\"datePublished\":\"2021-07-14T20:00:48+00:00\",\"dateModified\":\"2021-07-14T05:27:17+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/8960af01fe98f59d4359389f5581c89d\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/8960af01fe98f59d4359389f5581c89d\",\"name\":\"Rachael Falk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/174c15abbe245de6d56c684d7849378a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/174c15abbe245de6d56c684d7849378a?s=96&d=mm&r=g\",\"caption\":\"Rachael Falk\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/rachael-falk\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/","og_locale":"en_US","og_type":"article","og_title":"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options | The Strategist","og_description":"Ransomware attacks are now a global epidemic and Australia is a prime target. That\u2019s because ransomware is scalable, ransomware attacks can be commoditised and ransomware criminals are essentially \u2018guns for hire\u2019. Bringing a huge organisation ...","og_url":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2021-07-14T20:00:48+00:00","article_modified_time":"2021-07-14T05:27:17+00:00","og_image":[{"width":1300,"height":775,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design.jpg","type":"image\/jpeg"}],"author":"Rachael Falk","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Rachael Falk","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2021\/07\/ICPC-graphic-by-Jake-Moody-of-Leading-Hand-Design.jpg","width":1300,"height":775},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/","url":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/","name":"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#primaryimage"},"datePublished":"2021-07-14T20:00:48+00:00","dateModified":"2021-07-14T05:27:17+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/8960af01fe98f59d4359389f5581c89d"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/exfiltrate-encrypt-extort-the-global-rise-of-ransomware-and-australias-policy-options\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Exfiltrate, encrypt,\u00a0extort: the global rise of ransomware and Australia\u2019s policy options"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/8960af01fe98f59d4359389f5581c89d","name":"Rachael Falk","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/174c15abbe245de6d56c684d7849378a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/174c15abbe245de6d56c684d7849378a?s=96&d=mm&r=g","caption":"Rachael Falk"},"url":"https:\/\/www.aspistrategist.ru\/author\/rachael-falk\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/65753"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1025"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=65753"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/65753\/revisions"}],"predecessor-version":[{"id":65757,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/65753\/revisions\/65757"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/65756"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=65753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=65753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=65753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}